Make SSL False Start work with asynchronous certificate validation

(SSL_AuthCertificateComplete).

Patch by Brian Smith <brian@briansmith.org>.

NSS bug https://bugzilla.mozilla.org/show_bug.cgi?id=713933

R=agl@chromium.org
BUG=none
TEST=none

Review URL: https://codereview.chromium.org/23621040

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@227704 0039d316-1c4b-4281-b951-d872f2087c98

net/socket/ssl_client_socket_nss.cc

@@ -3137,7 +3137,8 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
         net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
   }
 
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_FALSE);
+  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
+                     ssl_config_.false_start_enabled);
   if (rv != SECSuccess)
     LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
 

net/ssl/ssl_config_service.cc

@@ -42,7 +42,7 @@ SSLConfig::SSLConfig()
       version_max(g_default_version_max),
       cached_info_enabled(false),
       channel_id_enabled(true),
-      false_start_enabled(false),
+      false_start_enabled(true),
       unrestricted_ssl3_fallback_enabled(false),
       send_client_cert(false),
       verify_ev_cert(false),

net/third_party/nss/README.chromium

@@ -131,6 +131,10 @@ Patches:
     https://code.google.com/p/chromium/issues/detail?id=303398
     patches/resumeclienthelloversion.patch
 
+  * Make SSL False Start work with asynchronous certificate validation.
+    https://bugzilla.mozilla.org/show_bug.cgi?id=713933
+    patches/canfalsestart.patch
+
 Apply the patches to NSS by running the patches/applypatches.sh script.  Read
 the comments at the top of patches/applypatches.sh for instructions.
 

net/third_party/nss/patches/applypatches.sh

@@ -61,3 +61,5 @@ patch -p4 < $patches_dir/cachelocks.patch
 patch -p4 < $patches_dir/ciphersuiteversion.patch
 
 patch -p4 < $patches_dir/peercertchain2.patch
+
+patch -p4 < $patches_dir/canfalsestart.patch